Return-Path: owner-new-httpd
Received: by taz.hyperreal.com (8.6.10/8.6.5) id LAA06756;
 Fri, 17 Mar 1995 11:13:36 -0800
Received: from get.wired.com by taz.hyperreal.com (8.6.10/8.6.5) with ESMTP id
 LAA06749; Fri, 17 Mar 1995 11:13:34 -0800
Received: by get.wired.com (8.6.10/8.6.5) id LAA26641;
 Fri, 17 Mar 1995 11:12:48 -0800
Date: Fri, 17 Mar 1995 11:12:47 -0800 (PST)
From: Brian Behlendorf <brian@wired.com>
To: new-httpd@hyperreal.com
Subject: Re: patch list vote
In-Reply-To: <9503152021.AA27714@ooo.lanl.gov>
Message-ID: <Pine.BSD.3.91.950317105804.21353I-100000@get.wired.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-new-httpd@hyperreal.com
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

On Wed, 15 Mar 1995, Rob Hartill wrote:
> Here are my votes for the current patch list shown at
>   http://www.hyperreal.com/httpd/patchgen/list.cgi

And here are mine.  Sorry for the delay, as with the rest of you dealing 
with the volume of mail here and elsewhere has proven to be... an 
interesting challenge.

> B1:  The stack-scribbling security hole
+1, but make it an IFDEF.  Later patches reduce its impact but don't 
ameliorate it.

> B2:  SO_LINGER set on client sockets
> vote: +1   (I didn't know what the problem was, but I'm happy with
>              the explanations I've seen)
+1 here as well.
I have a SO_KEEPALIVE patch I need to submit. arg.

> B3:  Server always pauses 3 seconds for scripts
> vote: -1   (this patch is redundant)
-1 as well.

> B4:  <!--#config timefmt --> server-side include doesn't always take
> vote: -1   (I've seen conflicting patches for this, I need to
>              look more carefully at both "solutions"
>             Nicholas forwarded a multi-line patch.
>             Robert Evans has a 1 line patch.
0 - I don't have a problem believing that two patches solve the same 
problem in equally correct ways ;) 

> B5:  XBITHACK not honored on (!--#include--)ed files
> vote: 0    (I've looked at it, but didn't think while looking)
+1 - the code compiled and worked as advertised.

> B6:  access files written w/o O_APPEND
> vote: 0    (I haven't seen any code for this yet)
+1, with Roy's updated patch as of yesterday.

> B7:  Allow directive redundant
> vote: +1   (if that's in "patch.allow_then_deny")
> vote: 0    (otherwsie)
+1.

> B8:  numeric UID fails unless UID in passwd file
> vote: 0    (haven't seen code)
Obsoleted by B18

> P9:  initgroups() done once per connection
> vote: +1   
+1

> P10: MIME headers read 1 character at a time
> vote: 0    (haven't seen code)
+1

> P11: open_locale() and tzset() done once per connect
> vote: +1 
+1

> P12: Shared-memory name server cache
> vote: -1   (couldn't compile it on HP-UX)
0 - I'd give it +1 but I don't know enough about the portability issues 
to be decisive.  Also, this is more than a small patch, and waiting for 
NCSA's 1.4 might be good in this case.

> P14: DBM-based user databases for HTTP authentication
> vote: 0    (haven't seen code)
0 too - this can wait.

> E15: add new CGI variables
> vote: -1   (need to discuss consequences on CGI spec)
0 - I see the need for standardization, and I can always put the patch in 
for my own needs.

> E16: Allow any URL to invoke a script
> vote: 0    (haven't seen the code)
> vote: -1   (if it isn't a compile time option)
0 - I think this is obsoleted by rst's content negotiation stuff.

> B17: raise queue size in listen()
> vote: -1   (there are kernel issues here, I have no argument with
>              the patch, but I'd like to see it more portable first)
+1 as long as it's a compile time option in httpd.h

> B18: Status; 302 should work, and doesn't
> vote: +1
+1

> B19: Embedded blanks in headers don't work
> vote: 0    (haven't seen the code)
> 
> E20: Add multi-homed server support
> vote: 0   (haven't seen the code)
> 
> O21: 'Timeout' config setting missing from httpd.conf
> vote: 0   (trivial)
0 on these as well.

> B22:  Fix another stack scribbling hole
> vote: 0   (haven't seen the code)
+1, as long as we're on 1.3 code we should put this in.

> B23:  AddType for *.cgi, *.shtml won't work in .htaccess
> vote: 0   (haven't seen the code)
+1, this worked fine on my server.

> E24:  Adds content-type negotiation
> vote: -1  (still under development)
-1 as well until rob thau gets another weekend :)

> E25:  Custom error responses
> vote: +1
+1

25 & 26 are the same 
27-29 are the same (some spring cleaning in order)
30&31 are in discussion still

B33-36: +1 on all of them

B37 I'll vote on when I try out the code.

Hope this puts us over the top on some of these.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com  brian@hyperreal.com  http://www.hotwired.com/Staff/brian/